Hash Crack Challenge

Password Hash Cracking Contest

· Password Cracking,password hash,password contest,one time grid,password challenge

CHALLENGE OVER

The Challenge

Two plain SHA1 password hashes have been generated using separate techniques from a single "Random-Grid" One-Time Grid (see One-Time Grid write-up <HERE>). This password cracking challenge will last one week, which starts Aug 27th, 2018 1200PM EST and ends September 3rd, 2018 at 1200PM EST.

HASH #1

[CRACKED by @BoursierEtienne] fe0c9f335b35c45e92d5e7d07c5933b6c4c0a522

HASH #2

[CRACKED by @lakiw]

120c249bc0f301ef3cba7a0fcbff463aaaded486

Prizes

Claim your prizes by posting on Twitter to @netmux with the cracked password. All valid submissions must be received before Sept 3rd at 1200PM EST.

Crack HASH #1 gets your name in the next Hash Crack: Password Cracking Manual
Crack HASH #2 first person gets a free Pentester's Portable Cracking Rig with a GTX 1070 (~$1,100 value) ***

***Limit=1. Sorry only United States contestants are eligible to receive the password cracking rig. A $500 Amazon gift card will be awarded for an international winner that cracks HASH #2.

**To receive your final prizes contestants must submit a write-up of your strategy for cracking the password hash. These write-ups will be posted at the end of the challenge accompanying the correct solutions.

Clues

Clues will be given periodically throughout the contest. Please follow @netmux on Twitter for announcements of new clues.

"Pattern" & "Scatter"
One-Time Grid attached below
Birthday Paradox
Are all cell values equally probable?
str(PIN)[:-1]
scatter_cells + str(PIN)[:-1]
Use seven of the possible ten "repeats" to mask your way to the other half of the scatter_cells solution.
Hash #2 = print(len(scatter_cells + str(PIN)[:-1])) = 19
No cell values have been reused in the composition of scatter_cells.
“q$*????????)wc” + str(PIN)[:-1]

CHALLENGE WRITE-UP

-wanted to give back

-rush to get it out, switched from md5 to sha1 at last minute

-hard to know what's obvious when you know the answer

-tried to slow down people with larger rigs and make it about clever analysis and tricks

-Explain each "Clue"

-36 Unique total characters out of 49 = IA9GVwc8oyL$)M.!q03WKH+epP?*{TxJzhbu

-10 characters repeating = IG8oL$.+p3

-7 repeat characters used = $I.3+LG

-HASH #2 = q$*I.3+xLHG)wc71997

08+{superjetyoMKHp

q$*I.3+xLHG)wc71997

The Clues Explained

"Pattern" & "Scatter"
One-Time Grid attached below
Birthday Paradox
Are all cell values equally probable?
str(PIN)[:-1]
scatter_cells + str(PIN)[:-1]
Use seven of the possible ten "repeats" to mask your way to the other half of the scatter_cells solution.
Hash #2 = print(len(scatter_cells + str(PIN)[:-1])) = 19
No cell values have been reused in the composition of scatter_cells.
“q$*????????)wc” + str(PIN)[:-1]

"There is nothing more deceptive than an obvious fact."

HASH #1 = 08+{superjetyoMKHp

HASH #2 = q$*I.3+xLHG)wc71997

Cells with repeat values = q$*I.3+xLHG)wc71997

One-Time Grid: Random Password Book

Hash Crack: Password Cracking Manual

Pentester Portable Cracking Rig